Malek103197
asked on
IIS 6.0 Win2003 Server asp login & security
I'm looking for a full working example, or even a purchased product, that will -
Have a login.asp page containing 2 text boxes (username & password). User submits page to authenticatepage.asp, where a database is searched to determine if it is a valid username & pwd. Depending on the username, a specific asp page will be opened. I need to use session objects (I think) since I cannot have the user bookmark the page and return to it without going through the logIn page.
Some of the pages for the user are asp and others are html.
Thanks
Have a login.asp page containing 2 text boxes (username & password). User submits page to authenticatepage.asp, where a database is searched to determine if it is a valid username & pwd. Depending on the username, a specific asp page will be opened. I need to use session objects (I think) since I cannot have the user bookmark the page and return to it without going through the logIn page.
Some of the pages for the user are asp and others are html.
Thanks
alorentz
What do you want? This site is to help with problems....not write code for you.
Make an HTML page with the two text inputs (username & password) and a submit button. Then in the form tag in the action property (<form action="****" where *** is your submit page). This will send the user to this page when they click submit. You'll need to connect to a database and because you don't specify what kind of database you wish to use, even if EE did write code for you.... Then you can use response.redirect to point the user to the 'logged on' page or the 'not logged on' page.
ANYHOW if you do know what your database is post it and I'll help with HOW to do it. I'm totaly willing to spend an absurd amout of time teaching you how to create this.
I'd suggest using cookies, session objects are slow and unwieldy.
Don't forget ! Your in the ASP section of EE so we are assuming your using ASP and a server that can use ASP.
If you have no clue what I'm talking about, hire someone that does, you shouldn't be doing this.
Even if you purchse a program you'll still need to pruchase a database (SQL, Access etc.).
-Coolhand2120
ANYHOW if you do know what your database is post it and I'll help with HOW to do it. I'm totaly willing to spend an absurd amout of time teaching you how to create this.
I'd suggest using cookies, session objects are slow and unwieldy.
Don't forget ! Your in the ASP section of EE so we are assuming your using ASP and a server that can use ASP.
If you have no clue what I'm talking about, hire someone that does, you shouldn't be doing this.
Even if you purchse a program you'll still need to pruchase a database (SQL, Access etc.).
-Coolhand2120
ASKER
Ok, I'm trying to make sense of this script...
The way interpret it, is that when a page is opened and there is not a session UID, the the user will be directed to the logIn page, but I'm not clear on what the author refers to HTTP_REFERRER.
Need a bit of help understanding this script.
Thanks
Every Page
The script is implemented by including the following code above the <html> tag of every page;
<%
Dim HTTP_REFERRER
Response.ExpiresAbsolute = Now() - 1
Response.AddHeader "Cache-Control", "no-cache"
If Not(IsObject(Session("UID"
If Session("UID") = "" Then
HTTP_REFERRER = Request.ServerVariables("U
If Request.QueryString <> "" Then HTTP_REFERRER = HTTP_REFERRER & "?" & Request.QueryString
Response.Redirect "login.asp?HTTP_REFERRER="
End If
End If
%>
Login.asp -
Script
If the script on the requested page determines that the UID session variable has not been set, the users is redirected to the login page. The login page contains the following code above the <html> tag;
<%
Response.ExpiresAbsolute = Now() - 1
Response.AddHeader "Cache-Control", "no-cache"
Dim HTTP_REFERRER, UserObject
Status = "Please log in."
HTTP_REFERRER = Request("HTTP_REFERRER")
If Request.Form("username") <> "" Then
If Login Then
Session("UID") = UserObject.Item("username"
'Set Session("UID") = UserObject
If HTTP_REFERRER = "" Then
Response.Redirect "default.htm"
Else
Response.Redirect HTTP_REFERRER
End If
Else
Status = "Invalid Login... Please Try Again."
End If
End If
Function Login
Dim conn, rs, sql, dbFIle
dbFile = "login.mdb"
Set conn = Server.CreateObject("ADODB
conn.open "driver={Microsoft Access Driver (*.mdb)};dbq=" & Server.MapPath(dbFile) & ";"
Set rs = Server.CreateObject("ADODB
sql = "SELECT * FROM users WHERE username = '" &
Request.Form("Username") & "' AND password = '" & Request.Form("Password")& "'"
rs.Open sql, conn, 3, 3
If Not rs.EOF Then
Set UserObject = CreateObject("Scripting.Di
For each field in rs.Fields
UserObject.Add field.name, field.value
Next
Login = True
Else
Login = False
End If
rs.Close
set rs = nothing
conn.Close
set conn = nothing
End Function
%>
<html>
The way interpret it, is that when a page is opened and there is not a session UID, the the user will be directed to the logIn page, but I'm not clear on what the author refers to HTTP_REFERRER.
Need a bit of help understanding this script.
Thanks
Every Page
The script is implemented by including the following code above the <html> tag of every page;
<%
Dim HTTP_REFERRER
Response.ExpiresAbsolute = Now() - 1
Response.AddHeader "Cache-Control", "no-cache"
If Not(IsObject(Session("UID"
If Session("UID") = "" Then
HTTP_REFERRER = Request.ServerVariables("U
If Request.QueryString <> "" Then HTTP_REFERRER = HTTP_REFERRER & "?" & Request.QueryString
Response.Redirect "login.asp?HTTP_REFERRER="
End If
End If
%>
Login.asp -
Script
If the script on the requested page determines that the UID session variable has not been set, the users is redirected to the login page. The login page contains the following code above the <html> tag;
<%
Response.ExpiresAbsolute = Now() - 1
Response.AddHeader "Cache-Control", "no-cache"
Dim HTTP_REFERRER, UserObject
Status = "Please log in."
HTTP_REFERRER = Request("HTTP_REFERRER")
If Request.Form("username") <> "" Then
If Login Then
Session("UID") = UserObject.Item("username"
'Set Session("UID") = UserObject
If HTTP_REFERRER = "" Then
Response.Redirect "default.htm"
Else
Response.Redirect HTTP_REFERRER
End If
Else
Status = "Invalid Login... Please Try Again."
End If
End If
Function Login
Dim conn, rs, sql, dbFIle
dbFile = "login.mdb"
Set conn = Server.CreateObject("ADODB
conn.open "driver={Microsoft Access Driver (*.mdb)};dbq=" & Server.MapPath(dbFile) & ";"
Set rs = Server.CreateObject("ADODB
sql = "SELECT * FROM users WHERE username = '" &
Request.Form("Username") & "' AND password = '" & Request.Form("Password")& "'"
rs.Open sql, conn, 3, 3
If Not rs.EOF Then
Set UserObject = CreateObject("Scripting.Di
For each field in rs.Fields
UserObject.Add field.name, field.value
Next
Login = True
Else
Login = False
End If
rs.Close
set rs = nothing
conn.Close
set conn = nothing
End Function
%>
<html>
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks Coolhand2120, that is a lot simpler and very understandable.
NP. Let me know if it works out for you.
-Coolhand2120
-Coolhand2120